CVE-2006-2916 - Improper Check for Dropped Privileges vulnerability in KDE Arts 1.0/1.2
Attack vector | LOCAL |
Attack complexity | LOW |
Privileges required | LOW |
Confidentiality impact | HIGH |
Integrity impact | HIGH |
Availability impact | HIGH |
Summary
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 2 |
OS | | 1 |
Common Weakness Enumeration (CWE)
Nessus
- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200606-22.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200606-22 (aRts: Privilege escalation) artswrapper fails to properly check whether it can drop privileges accordingly if setuid() fails due to a user exceeding assigned resource limits. Impact : Local attackers could exploit this vulnerability to execute arbitrary code with elevated privileges. Note that the aRts package provided by Gentoo is only vulnerable if the artswrappersuid USE-flag is enabled. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21742
- published: 2006-06-23
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/21742
- title: GLSA-200606-22 : aRts: Privilege escalation
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200606-22.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(21742);
  script_version("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-2916");
  script_bugtraq_id(18429);
  script_xref(name:"GLSA", value:"200606-22");

  script_name(english:"GLSA-200606-22 : aRts: Privilege escalation");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"The remote host is affected by the vulnerability described in GLSA-200606-22 (aRts: Privilege escalation) artswrapper fails to properly check whether it can drop privileges accordingly if setuid() fails due to a user exceeding assigned resource limits. Impact : Local attackers could exploit this vulnerability to execute arbitrary code with elevated privileges. Note that the aRts package provided by Gentoo is only vulnerable if the artswrappersuid USE-flag is enabled. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200606-22"
  );
  script_set_attribute(
    attribute:"solution",
    value:"All aRts users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose kde-base/arts"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:arts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/23");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"kde-base/arts", unaffected:make_list("ge 3.5.2-r1", "rge 3.4.3-r1"), vulnerable:make_list("lt 3.5.2-r1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "aRts");
}
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_ARTS-1670.NASL
- description: The KDE soundserver aRts lacked checks around some setuid() calls. This could potentially be used by a local attacker to gain root privileges. (CVE-2006-2916)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 27154
- published: 2007-10-17
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/27154
- title: openSUSE 10 Security Update : arts (arts-1670)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update arts-1670.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(27154);
  script_version ("1.12");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-2916");

  script_name(english:"openSUSE 10 Security Update : arts (arts-1670)");
  script_summary(english:"Check for the arts-1670 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"The KDE soundserver aRts lacked checks around some setuid() calls. This could potentially be used by a local attacker to gain root privileges. (CVE-2006-2916)"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected arts packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:arts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:arts-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE10.1", reference:"arts-1.5.1-15.3") ) flag++;
if ( rpm_check(release:"SUSE10.1", cpu:"x86_64", reference:"arts-32bit-1.5.1-15.3") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "arts");
}
```

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2006-178-03.NASL
- description: New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21767
- published: 2006-06-28
- reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/21767
- title: Slackware 10.0 / 10.1 / 10.2 / current : arts (SSA:2006-178-03)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Slackware Security Advisory 2006-178-03. The text
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(21767);
  script_version("1.15");
  script_cvs_date("Date: 2019/10/25 13:36:20");

  script_cve_id("CVE-2006-2916");
  script_xref(name:"SSA", value:"2006-178-03");

  script_name(english:"Slackware 10.0 / 10.1 / 10.2 / current : arts (SSA:2006-178-03)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:"New aRts packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a possible security issue with artswrapper. The artswrapper program and the artsd daemon can be used to gain root privileges if artswrapper is setuid root and the system is running a 2.6.x kernel. Note that artswrapper is not setuid root on Slackware by default. Some people have recommended setting it that way online though, so it's at least worth warning about. It's far safer to just add users to the audio group. The official KDE security advisory may be found here: http://www.kde.org/info/security/advisory-20060614-2.txt"
  );
  # http://www.kde.org/info/security/advisory-20060614-2.txt
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.kde.org/info/security/advisory-20060614-2.txt"
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?086b2a3e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected arts package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:arts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:10.2");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("slackware.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);

flag = 0;

if (slackware_check(osver:"10.0", pkgname:"arts", pkgver:"1.2.3", pkgarch:"i486", pkgnum:"2_slack10.0")) flag++;
if (slackware_check(osver:"10.1", pkgname:"arts", pkgver:"1.3.2", pkgarch:"i486", pkgnum:"2_slack10.1")) flag++;
if (slackware_check(osver:"10.2", pkgname:"arts", pkgver:"1.4.2", pkgarch:"i486", pkgnum:"2_slack10.2")) flag++;
if (slackware_check(osver:"current", pkgname:"arts", pkgver:"1.5.3", pkgarch:"i486", pkgnum:"2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-200704-22.NASL
- description: The remote host is affected by the vulnerability described in GLSA-200704-22 (BEAST: Denial of Service) BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid() fails due to a user exceeding assigned resource limits. Impact : A local user could exceed his resource limit in order to prevent the seteuid() call from succeeding. This may lead BEAST to keep running with root privileges. Then, the local user could use the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 25110
- published: 2007-04-30
- reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/25110
- title: GLSA-200704-22 : BEAST: Denial of Service
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200704-22.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(25110);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:44");

  script_cve_id("CVE-2006-2916", "CVE-2006-4447");
  script_xref(name:"GLSA", value:"200704-22");

  script_name(english:"GLSA-200704-22 : BEAST: Denial of Service");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:"The remote host is affected by the vulnerability described in GLSA-200704-22 (BEAST: Denial of Service) BEAST, which is installed as setuid root, fails to properly check whether it can drop privileges accordingly if seteuid() fails due to a user exceeding assigned resource limits. Impact : A local user could exceed his resource limit in order to prevent the seteuid() call from succeeding. This may lead BEAST to keep running with root privileges. Then, the local user could use the 'save as' dialog box to overwrite any file on the vulnerable system, potentially leading to a Denial of Service. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200704-22"
  );
  script_set_attribute(
    attribute:"solution",
    value:"All BEAST users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-sound/beast-0.7.1'"
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:beast");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2007/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/04/30");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/06/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"media-sound/beast", unaffected:make_list("ge 0.7.1"), vulnerable:make_list("lt 0.7.1"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "BEAST");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRAKE_MDKSA-2006-107.NASL
- description: A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk, The updated packages have been patched to correct these issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 21751
- published: 2006-06-24
- reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/21751
- title: Mandrake Linux Security Advisory : arts (MDKSA-2006:107)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2006:107.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(21751);
  script_version ("1.13");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  script_cve_id("CVE-2006-2916");
  script_xref(name:"MDKSA", value:"2006:107");

  script_name(english:"Mandrake Linux Security Advisory : arts (MDKSA-2006:107)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:"A vulnerability in the artswrapper program, when installed setuid root, could enable a local user to elevate their privileges to that of root. By default, Mandriva Linux does not ship artswrapper setuid root, however if a user or system administrator enables the setuid bit on artswrapper, their system could be at risk, The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:arts");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64arts1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64arts1-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libarts1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libarts1-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/06/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;

if (rpm_check(release:"MDK2006.0", reference:"arts-1.4.2-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64arts1-1.4.2-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64arts1-devel-1.4.2-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libarts1-1.4.2-2.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libarts1-devel-1.4.2-2.1.20060mdk", yank:"mdk")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: SuSE Local Security Checks
- NASL id: SUSE9_11075.NASL
- description: The KDE soundserver aRts lacked checks around some setuid() calls. This could be used by a local attacker to gain root privileges. (CVE-2006-2916)
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 41092
- published: 2009-09-24
- reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/41092
- title: SuSE9 Security Update : arts (YOU Patch Number 11075)
- code:

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include("compat.inc");

if (description)
{
  script_id(41092);
  script_version("1.7");
  script_cvs_date("Date: 2019/10/25 13:36:28");

  script_cve_id("CVE-2006-2916");

  script_name(english:"SuSE9 Security Update : arts (YOU Patch Number 11075)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description",
    value:"The KDE soundserver aRts lacked checks around some setuid() calls. This could be used by a local attacker to gain root privileges. (CVE-2006-2916)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2006-2916/"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 11075.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
  script_set_attribute(attribute:"patch_publication_date", value:"2006/06/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");

flag = 0;

if (rpm_check(release:"SUSE9", reference:"arts-1.2.1-35.7")) flag++;
if (rpm_check(release:"SUSE9", cpu:"x86_64", reference:"arts-32bit-9-200606211826")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else exit(0, "The host is not affected.");
```

Statements
contributor | Mark J Cox |
lastmodified | 2006-08-16 |
organization | Red Hat |
statement | Not vulnerable. We do not ship aRts as setuid root on Red Hat Enterprise Linux 2.1, 3, or 4. |
References
- http://www.kde.org/info/security/advisory-20060614-2.txt
- http://dot.kde.org/1150310128/
- http://www.securityfocus.com/bid/18429
- http://securitytracker.com/id?1016298
- http://secunia.com/advisories/20677
- http://www.osvdb.org/26506
- http://www.gentoo.org/security/en/glsa/glsa-200606-22.xml
- http://secunia.com/advisories/20827
- http://secunia.com/advisories/20786
- http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.468256
- http://secunia.com/advisories/20868
- http://www.novell.com/linux/security/advisories/2006_38_security.html
- http://secunia.com/advisories/20899
- http://mail.gnome.org/archives/beast/2006-December/msg00025.html
- http://security.gentoo.org/glsa/glsa-200704-22.xml
- http://www.securityfocus.com/bid/23697
- http://secunia.com/advisories/25032
- http://secunia.com/advisories/25059
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:107
- http://www.vupen.com/english/advisories/2007/0409
- http://www.vupen.com/english/advisories/2006/2357
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27221
- http://www.securityfocus.com/archive/1/437362/100/0/threaded